With respect to consumer electronic (CE) devices, there is a trend that these are becoming more and more network online service enabled. For example, modern gaming consoles support online services (e.g. Xbox Live). Furthermore, soon TVs will be equipped with functionality such as web-browsing functionality to access services. Typically, service enabled CE devices are complemented with a network portal that provides access to the actual services (such as e.g. the architecture presented in Open IPTV Forum, Functional Architecture—V 1.1, Jan. 15, 2008).
Typically, CE devices have limited user interaction means and users expect that the devices are convenient and simple to use, requiring few operations to accomplish a result. For example, users are typically reluctant to use complex repetitive login procedures using username/passwords.
With respect to digital identity, CE devices take a limited approach, for example to meet the convenience argument as discussed above. For example, the Nintendo Wii gaming console supports multiple characters (“Mii's”) but these are not used for transactions or accessing services. For transactions, the owner of the device can link just one account per console that will be used for performing online transactions such as buying downloadable games. Use of this account can be protected using, e.g., a PIN.
Needless to say, CE devices such as gaming consoles are very often used by multiple people, i.e. not only the owner of a gaming console uses the console. However, up to now the online services are non-personalized, or at the most associated with a fixed single user (e.g. for transactions).
The use of biometric characteristics, biometrics, provides a very convenient way for replacing usernames, passwords and pin-codes in situations where authentication and identification are needed. The biometrics is unique for a human being and can not be forgotten, stolen or lost. As such they are a good candidate for being used in access control and e-transaction systems. In many of these systems biometrics is used to perform convenient and secure one-to-one authentication. However, despite the enormous improvement that has taken place during the past decade, the recognition performance of almost all biometric modalities is still not sufficient to make biometrics a reliable tool for large scale one-to-many identification purposes, and it is expected that this will be true for many years to come.
The state-of-the-art performance in terms of today's biometric systems is in the order of 1% equal error rate (EER). The EER is defined as the operating point of biometric systems at a false acceptance rate (FAR) that is equal to the false rejection rate (FRR). Generally, the EER is a useful performance measure, and the lower the value the better the system. By slightly tuning such a system to a somewhat higher FFR than 1%, a minimum FAR of 0.1% seems possible. Consequently, if the FAR for a given recognition system is 0.1%, this means that an imposter has 0.1% probability that his biometrics “looks like” that of a genuine person. It can be shown that if identification is to be performed, i.e. a one-to-many comparison, the probability that a person will by wrongly recognized becomes FARtot=1−(1−FAR)n.
For example, if the FAR of a biometric recognition system is 0.1%, and a person is to be identified amongst a database of 30 persons, the probability FARtot of finding the wrong person is 1−0.99930=0.03, which might acceptable. However, if a database of 300 has to be searched, the FARtot becomes 26%, which makes this identification system essentially useless.
Additionally, as biometrics provides sensitive personal information about a human being, there is typically a privacy problem related to the storage and usage of biometric data. In order to solve this problem biometric data should never be stored in clear in a database but rather in an encrypted form to guarantee privacy and to avoid malicious database cross-matching attacks. By solving this problem the acceptance level of biometrics will be increased. Such privacy preserving techniques, often referred to as template protection systems, have been described in the prior art, for example in WO2005/122467.